37 lines
1021 B
Markdown
37 lines
1021 B
Markdown
|
# Iodine
|
||
|
|
|
||
|
|
## Install Software
|
||
|
|
|
||
|
|
```sh
|
||
|
|
sudo apt install iodine
|
||
|
|
```
|
||
|
|
|
||
|
|
## Apply Configuration
|
||
|
|
|
||
|
|
```sh
|
||
|
|
EXTERNAL=eth0
|
||
|
|
INTERNAL=dns0
|
||
|
|
|
||
|
|
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
|
||
|
|
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/60-ipv4-forward.conf
|
||
|
|
|
||
|
|
sudo iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
|
||
|
|
sudo iptables -A INPUT -p udp --dport 5353 -j ACCEPT
|
||
|
|
sudo iptables -A INPUT -i $INTERNAL -j ACCEPT
|
||
|
|
|
||
|
|
# Necessary only if default policy is not ACCEPT
|
||
|
|
sudo iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||
|
|
sudo iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
|
||
|
|
|
||
|
|
# Adjust domain:
|
||
|
|
sudo iptables -t nat -A PREROUTING -p udp --dport 53 -m string --hex-string "|01|t|07|example|03|com|00|" --algo bm --from 20 --to 65535 -j REDIRECT --to-ports 5353
|
||
|
|
|
||
|
|
sudo cp my-iodined.service /etc/systemd/system
|
||
|
|
sudo cp my-iodined.conf /etc
|
||
|
|
sudo chmod 600 /etc/my-iodined.conf
|
||
|
|
|
||
|
|
sudo editor /etc/my-iodined.conf
|
||
|
|
sudo systemctl enable my-iodined
|
||
|
|
sudo systemctl start my-iodined
|
||
|
|
```
|